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(57) Abstract: The idea of the present invention 
is to replace the existing password/user ID based 
authentication process by a new digital signature 
authentication process in which preferably the 
first HTTP-request header is extended by the client 
authentication information independently of the 
authentication process used by the destination 
server and without server requesting authentication 
information. The authentication information 
preferably includes the client certificate containing 
the client public key, signed by certification 
authority, and preferably a hash value calculated 
over the HTTP-request header data being sent in the 
request, and encrypted with the Client's private key. 
The certificate and digital signature may be added 
during the creation of the HTTP-request header 
in the client system itself, or may be added later 
in a server acting as a gateway, proxy, or tunnel. 
A destination server that does not support the 
new digital signature authentication process will 
simply ignore the certificate and digital signature 
in the HTTP-request header and will automatically 
initiate its own authentication process. The present 
invention simplifies the existing digital signature 
authentication process and concurrently allows the 
coexistence of different authentication processes 
without changing the HTTP-protocol or causing 
unnecessary network UaflSc. 



wo 2005/006703 A2 



llliillnlllilllll 


llilllll 


lllllllllllilill 


Ulllllfliillili 



PubUshed: 

— without international search report and to be republished 
upon receipt of that report 



For two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations'* appearing at the begin- 
ning of each regular issue of the PCT Gazette. 



